How can I protect my account?
Yoyo takes your account’s security very seriously.
Yoyo are authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011.
Here are some of the measures Yoyo take to ensure your account’s security:
Dynamic QR Code
The payment QR code located in your wallet changes every 30 seconds to ensure it cannot be reused outside of the app.
- In addition to your account’s password, you can set a passcode which will be required every time the app is opened. If your device supports fingerprint authentication and/or face ID, those options will automatically be presented to you once you have a set a passcode.
- In order to set a passcode, please select “Passcode” in the settings menu and follow the provided instructions there.
- Phone verification is a common security procedure used to make sure your phone number is in use, authenticate your registration, and increase the security of your account. Rest assured, the provided phone numbers are not used for marketing, or passed onto 3rd party providers which would use the number for marketing purposes.
Are my card details safe?
Any card information you provide Yoyo with is immediately encrypted on your device and is then passed directly to our PSP (Payment Service Provider) who is fully regulated and compliant with European regulations regarding personal financial information.
Our PSP (currently Stripe, Judopay or Checkout.com) sends back a randomised token which is used to request payment - this is called tokenisation and this fancy name actually means that your card details are never stored on our servers.
Is any information about the user stored on the device – i.e. history, preferences, age, gender, credit info, location used, type of device used, calorie intake etc? (data that could be sold on for profit)
When registering for a Yoyo account the user provides certain registration details (including name, email address, phone number and date of birth).
Yoyo does not store any of this information on the user's device. Yoyo only stores information on a user’s device where the user links a payment card to their Yoyo account. The card details are encrypted immediately and passed to our Payment Services Provider.
We use a tokenisation process to perform payments, meaning that the Payment Services Provider will send a dynamic randomised token to the user’s phone in the form of a QR code, and this QR code is scanned at the till. The QR code changes every 30 seconds.Yoyo does not store users’ card details on our servers, and this information is never passed to anyone including retailers.
Is any information about usage sent back to a third-party?
Yoyo acts as data controller of the personal data provided by users when the user sets up a Yoyo account. Yoyo uses a number of data processors to process personal data on behalf of Yoyo and Yoyo is responsible for their acts/omissions. Otherwise, Yoyo does not provide personal data (or other user specific use/ transaction information) to third parties. However, Yoyo is able to provide aggregate use/ transaction data to Yoyo’s customers. For example, this might include metrics such as average number of transactions over a given period or average spend.
Is there any cost associated with the app?
There is no charge to the users to use Yoyo, the only cost involved is the standard cost of paying for items at your location. Please note that when a debit/credit card is linked to the app, a 2p charge is made to confirm validity. This will be refunded to the users bank account within 5 working days.
Data protection statement
Yoyo acts as data controller in respect of users’ personal data.Yoyo does not act as a data processor on behalf of its customers. On this basis, each party remains responsible for its own compliance with data protection laws. Yoyo, of course, has in place a program of work to ensure compliance with GDPR. Yoyo will share users’ personal data with Yoyo’s customers only in certain circumstances (the most obvious being in relation to the provision of support or handling user complaints). Yoyo does not share users’ personal data with Yoyo’s customers in order that those customers can undertake direct marketing.
Where is data stored?
Yoyo Admin data is hosted on AWS Europe servers - Primary server is Dublin, secondary London/Paris.